Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Moderate

CVE-2019-7548

Disclosure Date: February 06, 2019 (last updated November 27, 2024)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
1
Attacker Value
Unknown

CVE-2022-40023

Disclosure Date: September 07, 2022 (last updated October 08, 2023)
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7164

Disclosure Date: February 20, 2019 (last updated November 27, 2024)
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2012-0805

Disclosure Date: June 05, 2012 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
0
0